Answered: [Security threat] tags are not sanitized in extra question field
Post date: 2020-07-01 00:44:51
Views: 237

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.
Please click Here to read the full story.
 
Other Top and Latest Questions:
Here are the 3 big things we're watching in the stock market in the week ahead
The PWHL is growing and post-Olympics boom may take women's hockey to the next level
FedEx trucking spinoff targets 2026 operating margin of 12%
Homebuyer mortgage demand drops annually for the first time in over a year, as war fuels uncertainty
Tell me about barre classes
Trump praises Hungary PM Viktor Orbán after Vance calls him at Budapest rally
Delta, Southwest raise checked bag fees $10 amid jet fuel price surge, joining other carriers
Trump threatens tariffs of 50% on countries 'supplying military weapons to Iran'
Epstein files: Ex-AG Pam Bondi’s April 14 testimony before House Oversight to be rescheduled
AI's next bottleneck: Why even the best chips made in the U.S. take a round trip to Taiwan